The vulnerability is due to improper parsing of the XML HmiSet Type attribute in LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
Monthly Archives: August 2016
Bugtraq: [security bulletin] HPSBHF03440 rev.1 – HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
Bugtraq: [security bulletin] HPSBGN03630 rev.2 – HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
SonarQube Jenkins Password Disclosure
The SonarQube Jenkins plugin in Jenkins CI suffers from a plain text password disclosure vulnerability.
WSO2 Carbon 4.4.5 Cross Site Request Forgery / Denial Of Service
WSO2 Carbon version 4.4.5 suffers from a cross site request forgery vulnerability that can trigger a denial of service condition.
WSO2 Carbon 4.4.5 Cross Site Scripting
WSO2 Carbon version 4.4.5 suffers from multiple cross site scripting vulnerabilities.
WSO2 Carbon 4.4.5 Local File Inclusion
WSO2 Carbon version 4.4.5 suffers from a local file inclusion vulnerability.
WSO2 Identity Server 5.1.0 XML Injection
WSO2 Identity Server version 5.1.0 suffers from cross site request forgery and XML external-entity injection vulnerabilities.
Nagios Incident Manager 2.0.0 XSS / SQL Injection / Code Execution
Nagios Incident Manager versions 2.0.0 and below suffer from code execution, cross site scripting, and remote SQL injection vulnerabilities.
Nagios Network Analyzer 2.2.0 Command Injection / SQL Injection
Nagios Network Analyzer versions 2.2.0 and below suffer from authentication bypass, arbitrary code execution, and remote SQL injection vulnerabilities.